$query = "SELECT * from Members WHERE FirstName".$_POST['Value1']."'";
//stores this value into $query for when $_POST['Value1'] is Fred:
// SELECT * from Members WHERE FirstNameFred'

To fix it, just make sure you're creating a valid query. You also want to make sure to protect yourself from potential sql injection etc, and PDO makes that easier too. If you just want to fix this script without adding any extra protection, or improving your code with PDO (or even mysqli functions) then change that line to read: